chore: refactors uds tasks and adds smoke test (#344)

Co-authored-by: decleaver <85503726+decleaver@users.noreply.github.com>
Co-authored-by: UncleGedd <42304551+UncleGedd@users.noreply.github.com>

.github/actions/setup/action.yaml

@@ -12,7 +12,7 @@ runs:
     - name: Setup Node.js
       uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
       with:
-        node-version: 21.1.0
+        node-version: 22.9.0
 
     - name: Set up Homebrew
       uses: Homebrew/actions/setup-homebrew@00f483c95eacf401cf9f4aa3746964071a747334 # master

.github/workflows/nightly-release.yaml

@@ -2,7 +2,7 @@ name: Nightly Release
 on:
   workflow_dispatch:
   schedule:
-    - cron: '0 9 * * *' # Runs at 9:00 AM UTC, which is 3:00 AM MT during Daylight Saving Time
+    - cron: "0 9 * * *" # Runs at 9:00 AM UTC, which is 3:00 AM MT during Daylight Saving Time
 
 permissions:
   contents: read
@@ -34,13 +34,16 @@ jobs:
       - name: Setup Environment (Go, Node, Homebrew, UDS CLI, k3d)
         uses: ./.github/actions/setup
 
+      - name: smoke-test
+        run: uds run test:smoke --set DIR=hack/smoke-test
+
       - name: Publish
         run: |
           uds run build:publish-uds-runtime --set REF=nightly-unstable --set DIR=hack/nightly
 
       - name: Build binary artifacts
         run: |
-          uds run setup:build-all
+          uds run build:all
 
       - name: Update nightly-unstable tag
         env:

.github/workflows/scan-lint.yaml

@@ -28,7 +28,7 @@ jobs:
 
       # build ui so ui/build exists when pre-commit runs
       - name: build-ui
-        run: uds run setup:build-ui
+        run: uds run build:ui
 
       - name: Run pre-commit
         uses: pre-commit/action@f7acafac0271bdd064cdfa1b13f17b4350e565ed #

.github/workflows/tag-and-release.yaml

@@ -43,13 +43,16 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: smoke-test
+        run: uds run test:smoke --set DIR=hack/smoke-test
+
       - name: Publish
         run: |
           uds run build:publish-uds-runtime
 
       - name: Build binary artifacts
         run: |
-          uds run setup:build-all
+          uds run build:all
 
       - name: Upload Release Artifact
         env:

CONTRIBUTING.md

@@ -54,39 +54,7 @@ Most of the actions needed for running and testing UDS Runtime are contained in
 > !NOTE
 > Tasks are used in CI. See the [pull request workflow](.github/workflows/pr-tests.yaml) for an example.
 
-A list of runnable tasks from `uds run --list-all`
-
-| Name                        | Description                                                                                                    |
-| --------------------------- | -------------------------------------------------------------------------------------------------------------- |
-| dev-server                  | run the api server in dev mode (requires air https://github.com/air-verse/air?tab=readme-ov-file#installation) |
-| dev-ui                      | run the ui in dev mode                                                                                         |
-| compile                     | compile the api server and ui outputting to build/                                                             |
-| test:e2e                    | run end-to-end tests (assumes api server is running on port 8080)                                              |
-| test:go                     | run api server unit tests                                                                                      |
-| test:ui-unit                | run frontend unit tests                                                                                        |
-| test:unit                   | run all unit tests (backend and frontend)                                                                      |
-| test:deploy-load            | deploy some Zarf packages to test against                                                                      |
-| test:deploy-min-core        | install min resources for UDS Core                                                                             |
-| lint:all                    | Run all linters                                                                                                |
-| lint:golangci               | Run golang linters                                                                                             |
-| lint:yaml                   | Run yaml linters                                                                                               |
-| lint:ui                     | Run ui lint and type check                                                                                     |
-| lint:format-ui              | Format ui code                                                                                                 |
-| setup:build-api             | build the go api server for the local platform                                                                 |
-| setup:build-api-linux-amd64 | build the go api server for linux amd64 (used for multi-arch container)                                        |
-| setup:build-api-linux-arm64 | build the go api server for linux arm64 (used for multi-arch container)                                        |
-| setup:build-ui              | build ui                                                                                                       |
-| setup:slim-cluster          | Create a k3d cluster and deploy core slim dev with metrics server                                              |
-| setup:simple-cluster        | Create a k3d cluster, no core                                                                                  |
-| setup:golangci              | Install golangci-lint to GOPATH using install.sh                                                               |
-| setup:clone-core            | Clone uds-core for custom slim dev setup                                                                       |
-| setup:metrics-server        | Create and deploy metrics server from cloned core                                                              |
-| build:publish-uds-runtime   | publish the uds runtime including its image and Zarf pkg (multi-arch)                                          |
-| build:push-container        | build container and push to GHCR (multi-arch)                                                                  |
-| build:build-zarf-packages   | build the uds runtime zarf packages (multi-arch)                                                               |
-| build:publish-zarf-packages | publish uds runtime zarf packages (multi-arch)                                                                 |
-| swagger:generate            | Generate Swagger docs                                                                                          |
-| swagger:test                | Ensure no changes to Swagger docs                                                                              |
+To view a complete list of all runnable tasks, run `uds run --list-all`.
 
 API authentication is enabled by default. To disable it, you can set the `API_AUTH_DISABLED` environment variable to true when running the backend. When running the backend and frontend locally with API auth enabled, when you start the backend, it will print a URL to the console with the api token query parameter as well as launch the app in your browser. If you are also running the frontend locally (via `npm run dev`), you will want to grab the token and update the url in your browser to use port `:5173` which is used by default. Example: `http://localhost:5173/auth?token=your-token-here`. More information on API authentication can be found in the [API Auth docs](./docs/api-auth.md).
 

hack/smoke-test/smoke-values.yaml

@@ -0,0 +1,4 @@
+image:
+  repository: uds-runtime
+  tag: smoke-test
+  pullPolicy: Always

hack/smoke-test/zarf.yaml

@@ -0,0 +1,22 @@
+kind: ZarfPackageConfig
+metadata:
+  name: uds-runtime
+  description: smoke test of nightly release of uds-runtime
+  version: smoke-test
+
+variables:
+  - name: DOMAIN
+    default: "uds.dev"
+
+components:
+  - name: uds-runtime
+    required: true
+    images:
+      - uds-runtime:smoke-test # local copy of uds-runtime
+    charts:
+      - name: uds-runtime
+        localPath: ../../chart
+        namespace: uds-runtime
+        version: 0.1.0
+        valuesFiles:
+          - smoke-values.yaml

tasks.yaml

@@ -31,5 +31,5 @@ tasks:
   - name: compile
     description: "compile the api server and ui outputting to build/"
     actions:
-      - task: setup:build-ui
-      - task: setup:build-api
+      - task: build:ui
+      - task: build:api

tasks/build.yaml

@@ -1,6 +1,3 @@
-includes:
-  - setup: setup.yaml
-
 variables:
   - name: REF
     description: "reference for the runtime image and zarf package"
@@ -12,6 +9,47 @@ variables:
     default: .
 
 tasks:
+  - name: all
+    description: build all the CLI binaries and gen checksums
+    actions:
+      - task: ui
+      - task: api-linux-amd64
+      - task: api-linux-arm64
+      - task: api-darwin-amd64
+      - task: api-darwin-arm64
+      - cmd: sha256sum build/* > build/checksums.txt
+
+  - name: api-linux-amd64
+    description: "build the go api server for linux amd64 (used for multi-arch container)"
+    actions:
+      - cmd: CGO_ENABLED=0 GOARCH=amd64 GOOS=linux go build -o build/uds-runtime-linux-amd64 .
+
+  - name: api-linux-arm64
+    description: "build the go api server for linux arm64 (used for multi-arch container)"
+    actions:
+      - cmd: CGO_ENABLED=0 GOARCH=arm64 GOOS=linux go build -o build/uds-runtime-linux-arm64 .
+
+  - name: api-darwin-amd64
+    description: "build the go api server for darwin amd64"
+    actions:
+      - cmd: CGO_ENABLED=0 GOARCH=amd64 GOOS=darwin go build -o build/uds-runtime-darwin-amd64 .
+
+  - name: api-darwin-arm64
+    description: "build the go api server for darwin arm64"
+    actions:
+      - cmd: CGO_ENABLED=0 GOARCH=arm64 GOOS=darwin go build -o build/uds-runtime-darwin-arm64 .
+
+  - name: api
+    description: "build the go api server for the local platform"
+    actions:
+      - cmd: CGO_ENABLED=0 go build -o ./build/uds-runtime .
+
+  - name: ui
+    description: "build ui"
+    actions:
+      - cmd: npm ci && npm run build
+        dir: ui
+
   - name: publish-uds-runtime
     description: "publish the uds runtime including its image and Zarf pkg (multi-arch)"
     actions:
@@ -24,9 +62,9 @@ tasks:
     actions:
       - cmd: rm -fr build ui/build
       - cmd: go mod tidy
-      - task: setup:build-ui
-      - task: setup:build-api-linux-amd64
-      - task: setup:build-api-linux-arm64
+      - task: ui
+      - task: api-linux-amd64
+      - task: api-linux-arm64
       - cmd: |
           docker buildx build --platform linux/amd64,linux/arm64 -t ghcr.io/defenseunicorns/uds-runtime:${REF} --push .
 
@@ -45,3 +83,12 @@ tasks:
         dir: ${DIR}
       - cmd: ./uds zarf p publish build/zarf-package-uds-runtime-arm64-${REF}.tar.zst oci://ghcr.io/defenseunicorns/packages/uds
         dir: ${DIR}
+
+  - name: smoke-img-pkg
+    description: "build docker image and zarf package for nightly smoke test"
+    actions:
+      - task: ui
+      - task: api-linux-amd64
+      - cmd: docker build --build-arg TARGETARCH=amd64 -t uds-runtime:smoke-test -f ./Dockerfile .
+      - cmd: uds zarf package create -o build --confirm
+        dir: ${DIR}

tasks/setup.yaml

@@ -2,46 +2,10 @@ includes:
   - common: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.13.0/tasks/setup.yaml
 
 tasks:
-  - name: build-api
-    description: "build the go api server for the local platform"
+  - name: full-core
+    description: "Create a k3d cluster and deploy full core dev"
     actions:
-      - cmd: CGO_ENABLED=0 go build -o ./build/uds-runtime .
-
-  - name: build-all
-    description: build all the CLI binaries and gen checksums
-    actions:
-      - task: build-ui
-      - task: build-api-linux-amd64
-      - task: build-api-linux-arm64
-      - task: build-api-darwin-amd64
-      - task: build-api-darwin-arm64
-      - cmd: sha256sum build/* > build/checksums.txt
-
-  - name: build-api-linux-amd64
-    description: "build the go api server for linux amd64 (used for multi-arch container)"
-    actions:
-      - cmd: CGO_ENABLED=0 GOARCH=amd64 GOOS=linux go build -o build/uds-runtime-linux-amd64 .
-
-  - name: build-api-linux-arm64
-    description: "build the go api server for linux arm64 (used for multi-arch container)"
-    actions:
-      - cmd: CGO_ENABLED=0 GOARCH=arm64 GOOS=linux go build -o build/uds-runtime-linux-arm64 .
-
-  - name: build-api-darwin-amd64
-    description: "build the go api server for darwin amd64"
-    actions:
-      - cmd: CGO_ENABLED=0 GOARCH=amd64 GOOS=darwin go build -o build/uds-runtime-darwin-amd64 .
-
-  - name: build-api-darwin-arm64
-    description: "build the go api server for darwin arm64"
-    actions:
-      - cmd: CGO_ENABLED=0 GOARCH=arm64 GOOS=darwin go build -o build/uds-runtime-darwin-arm64 .
-
-  - name: build-ui
-    description: "build ui"
-    actions:
-      - cmd: npm ci && npm run build
-        dir: ui
+      - task: commmon:k3d-full-cluster
 
   - name: slim-cluster
     description: "Create a k3d cluster and deploy core slim dev with metrics server"
@@ -51,10 +15,16 @@ tasks:
       - task: metrics-server
 
   - name: simple-cluster
-    description: "Create a k3d cluster, no core"
+    description: "Create a uds-k3d cluster, no core"
     actions:
       - cmd: uds zarf package deploy oci://ghcr.io/defenseunicorns/packages/uds-k3d:0.7.0 --confirm
 
+  - name: k3d
+    description: "start a plain k3d cluster"
+    actions:
+      - cmd: |
+          k3d cluster delete runtime && k3d cluster create runtime --k3s-arg "--disable=traefik@server:*" --k3s-arg "--disable=servicelb@server:*"
+
   - name: golangci
     description: "Install golangci-lint to GOPATH using install.sh"
     actions:

tasks/test.yaml

@@ -1,27 +1,28 @@
 includes:
   - setup: ./setup.yaml
+  - build: ./build.yaml
 
 tasks:
   - name: api-auth
     description: "run end-to-end tests (assumes api server is running on port 8080)"
     actions:
-      - task: setup:build-ui
+      - task: build:ui
       - cmd: npm run test:install # install playwright
         dir: ui
-      - task: setup:build-api
-      - cmd: |
-          k3d cluster delete runtime && k3d cluster create runtime --k3s-arg "--disable=traefik@server:*" --k3s-arg "--disable=servicelb@server:*"
+      - task: build:api
+      - task: setup:k3d
       - task: deploy-load
       - cmd: npm run test:api-auth
         dir: ui
+
   - name: e2e
     description: "run end-to-end tests (assumes api server is running on port 8080)"
     actions:
-      - task: setup:build-ui
+      - task: build:ui
       - cmd: npm run test:install # install playwright
         dir: ui
-      - task: setup:build-api
-      - task: k3d
+      - task: build:api
+      - task: setup:k3d
       - task: deploy-load
       - cmd: npm run test:integration
         dir: ui
@@ -40,7 +41,7 @@ tasks:
   - name: unit
     description: "run all unit tests (backend and frontend)"
     actions:
-      - task: setup:build-ui
+      - task: build:ui
         description: "build ui since embedded in main.go"
       - task: go-unit
       - task: ui-unit
@@ -49,8 +50,8 @@ tasks:
     description: "run api server tests"
     actions:
       - description: "build ui since embedded in main.go"
-        task: setup:build-ui
-      - task: k3d
+        task: build:ui
+      - task: setup:k3d
       - task: deploy-load
       - cmd: npm ci && npm run load:api
         dir: hack/load-test
@@ -84,8 +85,41 @@ tasks:
             --set resources.requests.memory=256Mi --set resources.requests.cpu=100m
         description: deploy minio to test PVCs
 
-  - name: k3d
-    description: "start a k3d cluster"
+  - name: smoke
+    description: "runtime nightly smoke tests"
     actions:
-      - cmd: |
-          k3d cluster delete runtime && k3d cluster create runtime --k3s-arg "--disable=traefik@server:*" --k3s-arg "--disable=servicelb@server:*"
+      - task: build:smoke-img-pkg
+      - task: setup:slim-cluster
+      - cmd: uds zarf package deploy build/zarf-package-uds-runtime-amd64-smoke-test.tar.zst --confirm
+        dir: ${DIR}
+      - description: Validate Runtime Pod
+        wait:
+          cluster:
+            kind: Pod
+            name: app=uds-runtime
+            condition: Ready
+            namespace: uds-runtime
+        maxTotalSeconds: 30
+      - description: Validate Runtime Interface
+        wait:
+          network:
+            protocol: https
+            address: runtime.admin.uds.dev
+            code: 200
+        maxTotalSeconds: 20
+      - description: Verify Runtime is protected by checking redirect
+        maxRetries: 3
+        cmd: |
+          set -e
+          SSO_REDIRECT=$(uds zarf tools kubectl run curl-test --image=cgr.dev/chainguard/curl:latest -q --restart=Never --rm -i -- -Ls -o /dev/null -w %{url_effective} "https://runtime.admin.uds.dev")
+          case "${SSO_REDIRECT}" in
+          "https://sso.uds.dev"*)
+              echo "Protected by authservice"
+              ;;
+          *)
+              # Fallback option if the condition is false
+              echo "Runtime is not protected by authservice"
+              echo $SSO_REDIRECT
+              exit 1
+              ;;
+          esac